Len Sassaman
Tue May 7 23:19:02 2002

On Tue, 7 May 2002, Len Sassaman wrote:

> One of my complaints with GnuPG is the over-abundance of different ciphers

Correction: that should have read "One of my complaints about OpenPGP..."

This isn't by any means a GnuPG-specific problem. GnuPG implements nearly
all of the ciphers defined in OpenPGP (and I think perhaps it should be
more conservative in the ones it chooses), but the fact that they're
defined in the first place allows this to happen.

Another issue with having multiple hashes: because of the way OpenPGP
handles DSA signatures, if one supported hash is broken, all DSA
signatures will be breakable in PGP. (This has been discussed before on
the OpenPGP WG List) -- I'll dig up a cite if someone insists). Currently,
RIPEMD-160 and SHA-1 are in use, and an attacker would only have to break
*one* of those hash functions in order to break OpenPGP DSA signatures.
(While PGP doesn't generate RIPEMD-160, it does understand it).

Adding in the three new SHAs makes this problem even more likely to occur.
Tread carefully.